vulnerability
Amazon Linux AMI 2: CVE-2024-50036: Security patch for kernel, kernel-livepatch-4.14.355-275.572, kernel-livepatch-4.14.355-275.582, kernel-livepatch-4.14.355-275.591, kernel-livepatch-4.14.355-275.603, kernel-livepatch-4.14.355-276.618 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Oct 21, 2024 | Jan 22, 2025 | May 13, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release()
dst_entries_add() uses per-cpu data that might be freed at netns
dismantle from ip6_route_net_exit() calling dst_entries_destroy()
Before ip6_route_net_exit() can be called, we release all
the dsts associated with this netns, via calls to dst_release(),
which waits an rcu grace period before calling dst_destroy()
dst_entries_add() use in dst_destroy() is racy, because
dst_entries_destroy() could have been called already.
Decrementing the number of dsts must happen sooner.
Notes:
1) in CONFIG_XFRM case, dst_destroy() can call
dst_release_immediate(child), this might also cause UAF
if the child does not have DST_NOCOUNT set.
IPSEC maintainers might take a look and see how to address this.
2) There is also discussion about removing this count of dst,
which might happen in future kernels.
Solutions
References
- AMAZON-AL2/ALAS-2025-2843
- AMAZON-AL2/ALASKERNEL-5.10-2025-078
- AMAZON-AL2/ALASKERNEL-5.15-2025-060
- AMAZON-AL2/ALASKERNEL-5.4-2025-100
- AMAZON-AL2/ALASLIVEPATCH-2025-224
- AMAZON-AL2/ALASLIVEPATCH-2025-225
- AMAZON-AL2/ALASLIVEPATCH-2025-226
- AMAZON-AL2/ALASLIVEPATCH-2025-227
- AMAZON-AL2/ALASLIVEPATCH-2025-228
- CVE-2024-50036
- https://attackerkb.com/topics/CVE-2024-50036
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.